1826 matches found
CVE-2020-19554
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager =12.5.174 when the API key contains an XML-based XSS payload...
Zoho Corporation ManageEngine OPManager Cross-Site Scripting Vulnerability
Zoho Corporation ManageEngine OpManager is a comprehensive network monitoring software from Zoho Corporation, USA. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ManageEngine OPManager =12.5.174, which stems from an API key...
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...
CVE-2021-22149
Elastic Enterprise Search App Search versions prior to 7.14.0 are affected by a missing authorization weakness for API keys via an alternate route, enabling an authenticated attacker to use API keys belonging to higher-privileged users. Root cause: API keys not properly bound/authorized in altern...
Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository
Go scripts for finding an API key / some keywords in a repository. Update V1.0.1: removing some checkers; adding an example file containing GitHub dorks. How to Install: go get github.com/daffainfo/Git-Secret; How to Use: ./Git-Secret; for the path containing dorks, you can fill it with some keywords, for example...
Cross site scripting
The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. WordPress Smart Email Alerts plug-in has a cross-site...
Ruby on Rails: Sauce Labs API key unencrypted in an old commit
Vulnerability description not provided...
Smart Email Alerts <= 1.0.10 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the apikey in the /views/settings.php file which allows attackers to inject arbitrary web scripts...
Shopify: Sensitive data Related to Shopify Host -> https://shopify.zendesk.com/
Description: GitHub is a truly awesome service, but it's unwise to put sensitive data in a public repo, as I found a repo committed 1 hour ago containing sensitive data Credentials && ZRTAPIKEY && JWTSECRET related to this Host - https://shopify.zendesk.com/ leaked publicly on GitHub, and clearly th...
ElasticSearch 7.13.3 - Memory disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG CSRF bug to regenerate api-key 💥 STEPS TO REPRODUCE 1. First log in to your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new API key will be generated. 💥 IMPACT Any attacker can send that link to the victim, and when the victim opens the link then api-key will be...
CVE-2021-20748
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Hardcoded credentials
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2021-20748
The CVE-2021-20748 entry concerns Retty App for Android (versions prior to 4.8.13) and iOS (versions prior to 4.11.14) that hard-code an API key for an external service. The root cause is a hard-coded credential embedded in the app, allowing an observer analyzing the app’s data to obtain the API ...
JVN#26891339: Multiple vulnerabilities in Retty App
Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score:...